Information Privacy in the Workplace: Managing the Impact of Innovation

The exponential growth of the Internet combined with increasing digital interoperability and the seamless integration of technologies and mobile devices into our daily and working lives has brought privacy concerns centre... [ view full abstract ]

The exponential growth of the Internet combined with increasing digital interoperability and the seamless integration of technologies and mobile devices into our daily and working lives has brought privacy concerns centre stage. In the main, these concerns have emanated from the pervasive evolution of technologies into our daily lives and our work environments, a fact that has negatively impacted individuals’ ability to control their personal information (Davis, 1997; Pavlou, 2011).  This in turn has sparked much debate in the literature on the need for stricter privacy protection (Rust et al., 2002).  It is therefore unsurprising that information privacy concerns (and how they can be addressed) has emerged as one of the most important moral and ethical issues within the computer-mediated information age (Smith et al., 1996; Mason, 1986).

Whilst commonly viewed as a subset of general privacy (Smith et al., 2011; Belanger and Crossler, 2011), information privacy remains a difficult concept to either discuss or define.   In part this stems from the fact that, as is the case with the general privacy construct, information privacy has been examined from a multiplicity of viewpoints, including ethical (Mason. 1986; Platt, 1995), economical (Waldo et al., 2007; Rust et al., 2002), marketing (Pelter et al., 2010; Miyazaki, 2008; Milne et al., 2008; Sprot, 2008; Wang and Wang, 1998), management (Robey, 1979; Stone and Stone, 1990; Chory et al., 2016), legal (Solove, 1996; Clarke, 1999) and information systems (Dinev et al., 2013; Smith et al., 2011; Pavlou, 2011) perspectives.   Whilst such interest is certainly welcome and adds to the rich extant literature on the construct, these differing viewpoints have nonetheless resulted in copious conceptualisation and operational ambiguities in relation to how information privacy should be perceived, defined and operationalised.  Thus, despite valiant research efforts to synthesise these divergent viewpoints, the picture of information privacy that emerges remains fragmented, discipline specific, beset by inconsistent definitions and characterised by multiple concepts and relationships that are neither fully developed or validated in the literature (Smith et al., 2011).  As a consequence, our understanding of the information privacy concept continues to be constrained and for many it remains a concept that ‘is difficult to grasp’ (Dinev et al., 2013: 295).

In the literature, much research on information privacy has focused on the effect of consumer concerns within the online transactional domain, specifically the degree to which it influences potential purchaser’s trust in online vendors.  This focus is understandable as it reflects the increasing organisational awareness of the value of capturing consumer data in order to personalise the buyer-seller relationship and to assist in forming a responsive data-driven relationship with potential and existing consumers.  It is also an acknowledgement of the fact that information privacy concerns (if unaddressed) have potential to be one of the greatest impediments to the growth of electronic commerce (Son and Kim, 2008).   However, the capturing and storing of personal information, and the threats that this represents to the individual’s privacy, extends far beyond the online transactional domain.   For example, many ethical questions are emerging regarding workplace surveillance (termed dataveillance), particularly regarding the ability of management to monitor employee computer-mediated interactions and the concerning power asymmetry that such actions reflect.   In fact, the deployment of communication monitoring technologies within the workplace could arguably be considered to be far more invasive than the use of monitoring technology in online transaction environments, as organisations have the ability to gather and collate detailed information on their employees on a daily basis and the employee has little ability to prevent this in contrast to the online transaction environment.  The literature confirms the validity of these concerns, showing that the use of communication technologies to monitor employee behaviour is steadily increasing (Lane, 2003; King, 2003; D’Urso, 2006; Allen et al., 2008).  It is unsurprising therefore that as employees have become more aware of the use of technologies to monitor their workplace email and computer interactions, this has resulted in increased privacy concerns on their part regarding how that information is being collated and more importantly how it is used.

From an organisational perspective, the use of these monitoring technologies may be predicated on legitimate rationale.  For example, profit driven organisations however aim to manage their business in an efficient and productive manner and as such it is perhaps unrealistic to expect that such organisations would not avail of the obvious empowering benefits that these communication monitoring technologies afford them particularly as it may be argued that they may in fact have valid reasons to monitor employee actions in the first place.  For example, Findlay and McKinlay (2003: 310) argue that organisations need to monitor employee interaction to ‘guard the organisation against crime, fraud, theft, and to protect the integrity of business critical information systems’. The use of monitoring technologies within the computer-mediated workplace environment allows management to store information relating to employee behaviour and the outcomes associated with these behaviours (Staunton and Stam, 2006).  By their very nature, they enable management to map and influence employee communications (D’Urso, 2006; Allen et al., 2008) easily tracing who talks to whom across various mediums with the company (Dubie, 2007).  Notwithstanding the legitimacy of such arguments, a significant body of research contends that monitoring employee actions threatens their right to privacy (Lane, 2003; Miller and Weckert, 2000; Fairweather, 1999).  Thus ethics researchers such as Miller and Weckert (2000) boldly state that the right to privacy is of far more importance than a company’s right to efficiency and profitability.

Clearly there are two differing perspectives at play in this context.  What is surprising is that neither perspective, nor how they can be balanced effectively, has received adequate attention to date.   Thus, whether management’s ability to monitor employee actions in workplace represents good business practice or constitutes an invasion of privacy remains a matter of speculation.   The impact of such monitoring also remains undetermined.  This is particularly surprising in view of the fact that organisational monitoring of employee communications has potential to result in privacy protective behaviours, negative employee morale and exert a negative impact on productivity.

The aim of this paper therefore is threefold. Firstly, the validity of employee privacy concerns in relation to their computer-mediated communications is outlined.  Secondly, we seek to clarify the research focus by drawing a clear distinction between general and information privacy, as well as provide a brief review of the information-privacy based literature, identifying the sub-dimensions of interest that require further discussion.  Third, we propose a framework to address the moral and functional conditions of surveillance related technology within the computer-mediated workplace environment - answering the call for a more comprehensive understanding of workplace surveillance issues and the concomitant employee privacy concerns.   

The value of this paper lies in the fact that it addresses the relevant information privacy concerns of employees and contextualises that discussion within an ethical framework that seeks to explore and balance the information privacy rights of employees with the interests of the organisation.  Its contribution is both theoretical and practical.  It provides researchers with a deeper insight and holistic understanding of the effect of information privacy concerns in an employment context and consequently makes a valuable contribution not only to information systems research but to practitioners in their efforts to better understand the issues that predict and inhibit information privacy concerns, and therefore employee behavioural responses, within the workplace environment.